Worldtrack.co malware infection

I seem to have been infected with worldtrack.co malware. Scan with Norton Internet Security (V21.1.0.18) and Malwarebytes (free version) does not remove. Symptoms are creation of new tabs in both Chrome and IE to ad sites, and annoying video commercial popups. Also often tells you to update your browser. Suspect it is buried in the registry somewhere. Could be a PUP? Running Windows 7 SP1. Please help.

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

DO NOT click on the Cleanup button. Simply exit the program.

When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

Please download Rkill (courtesy of BleepingComputer.com) to your desktop. There are 2 different versions. If one of them won't run then download and try to run the other one. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Thanks for the bleeping quick response. I think I followed your instructions well. The last one, Rkill, didn't quite act like you predicted but it did generate a log. (Black DOS window stayed open for a couple minutes and there was no request to reboot.) So, below are the log files with just a couple blank lines between them, no quotes. Let me know if this is how you want them or if you want a text attachment. Hope you can help. Good luck.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset doesn't find any threats it'll NOT produce any log.

Took me a while, especially the ESET, about 90 minutes, and there were no threats. Since it seems to be only hitting browsers, what would you think if I uninstall my browsers, IE and Chrome, reboot to hopefully refresh and delete un-needed registry items, then reinstall Chrome and IE? Below is per your last request. Good luck and thanks.

It seems that IE was NOT having problems, only Chrome. I don't use IE all that much but it was acting up when the problem began. However, I did the "Reset Browser Settings" on Chrome, followed by a reboot for good luck, and now everything seems to be fine. That was too easy. I wonder if all the scanning I did had any effect? May never know. Thanks for all your help. If I can breathe a little life into my old Paypal account, I would be happy to throw a bone your (Bleeping Computer's) way. Can you suggest an amount?

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.

NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

===================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker. The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.